| author | cedricnjanga | 2018-02-23 13:29:07 -0800 |
|---|---|---|
| committer | cedricnjanga | 2018-02-23 13:29:07 -0800 |
| commit | 69b901fa1223fb78142a1e4e76d1b88d879aec61 (patch) | |
| tree | 759c4e26b2b532032752d82e2158fa0f712fa9c7 | |
| parent | 206bf218e1b84dbe53683ec2e3f983cd30f7ded1 (diff) | |
| download | chouette-core-69b901fa1223fb78142a1e4e76d1b88d879aec61.tar.bz2 | |
Refs #5950 Fix 404 error when user wants to see CCSet from other organisation :
- remove begin_of_association_chain in controller
- Change collection to only see user organisation CCSet and STIF CCSet
- add policy for show action
| -rw-r--r-- | app/controllers/compliance_control_sets_controller.rb | 9 | ||||
| -rw-r--r-- | app/policies/application_policy.rb | 5 | ||||
| -rw-r--r-- | app/policies/compliance_control_set_policy.rb | 4 |
3 files changed, 11 insertions, 7 deletions
diff --git a/app/controllers/compliance_control_sets_controller.rb b/app/controllers/compliance_control_sets_controller.rb
index 8f9251155..621eeb9a5 100644
--- a/app/controllers/compliance_control_sets_controller.rb
+++ b/app/controllers/compliance_control_sets_controller.rb
@@ -27,16 +27,11 @@ class ComplianceControlSetsController < ChouetteController
 redirect_to(compliance_control_sets_path)
 end
- protected
-
- def begin_of_association_chain
- current_organisation
- end
-
 private
 def collection
- scope = self.ransack_period_range(scope: ComplianceControlSet.all, error_message: t('imports.filters.error_period_filter'), query: :where_updated_at_between)
+ scope = ComplianceControlSet.joins(:organisation).where('organisation_id = ? OR organisations.code = ?', current_organisation.id, 'STIF')
+ scope = self.ransack_period_range(scope: scope, error_message: t('imports.filters.error_period_filter'), query: :where_updated_at_between)
 @q_for_form = scope.ransack(params[:q])
 compliance_control_sets = @q_for_form.result
 compliance_control_sets = joins_with_associated_objects(compliance_control_sets).order(sort_column + ' ' + sort_direction) if sort_column && sort_direction
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index c44937c9e..d14839bdf 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -96,6 +96,11 @@ class ApplicationPolicy
 end
+ def belongs_to_stif?
+ record.try(:organisation).try(:code) == "STIF"
+ end
+
+
 #
 # Helpers
 # -------
diff --git a/app/policies/compliance_control_set_policy.rb b/app/policies/compliance_control_set_policy.rb
index 011f6c0c7..e3fb83e38 100644
--- a/app/policies/compliance_control_set_policy.rb
+++ b/app/policies/compliance_control_set_policy.rb
@@ -5,6 +5,10 @@ class ComplianceControlSetPolicy < ApplicationPolicy
 end
 end
+ def show?
+ organisation_match? or belongs_to_stif?
+ end
+
 def destroy?
 user.has_permission?('compliance_control_sets.destroy')
 end |
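Review bot: Removing `begin_of_association_chain` takes away the only organisation scoping on record lookup that is visible in this controller, so member actions are now guarded by the policy alone. This commit adds an ownership test to `show?` only. `destroy?` in compliance_control_set_policy.rb (context lines of the third hunk) checks just `user.has_permission?('compliance_control_sets.destroy')`, which would presumably let a permitted user from another organisation delete a set by id. I would change it to `organisation_match? && user.has_permission?('compliance_control_sets.destroy')`, review the other mutating policies the same way, and add a request spec that calls each member action with another organisation's record. How the controller loads and authorizes the record lies outside the hunk, so confirm that every member action actually calls the policy.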
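Review bot: The organisation code "STIF" is hard-coded here and again in the SQL fragment of the controller's `collection` (first hunk), so the index filter and the `show?` rule can drift apart if only one of them is edited. A single constant or model scope used by both places would keep listing and authorization in agreement. Because the helper lives in `ApplicationPolicy` it becomes available to every policy, so it deserves a comment such as `# True when the record is owned by the STIF organisation; false when the record has no organisation.` The class body continues outside the hunk.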
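Review bot: `show?` uses the keyword `or`, which binds more loosely than `||` and than assignment. It gives the intended result as the sole expression of the method, but will parse differently once the line is extended or its value is assigned. Prefer `organisation_match? || belongs_to_stif?`. A short comment stating the rule would also help, e.g. `# Readable by the owning organisation; STIF-owned sets are readable by any organisation.`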
